package com.spdzen.support.shiro;

import java.util.List;

import javax.annotation.Resource;

import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import com.spdzen.model.SysUser;
import com.spdzen.model.SysUserRole;
import com.spdzen.service.SysUserRoleService;
import com.spdzen.service.SysUserService;
import com.spdzen.support.AdminLoginInfo;
import com.spdzen.support.AdminLoginUtils;
import com.spdzen.support.PasswordUtils;
import com.spdzen.support.RequestUtils;
import com.spdzen.support.WebContextUtils;
import com.spdzen.support.constant.DbConstants;

public class AdminDbRealm extends AuthorizingRealm {
	@Resource
	private SysUserService sysUserService;

	@Resource
	private SysUserRoleService sysUserRoleService;

	/**
	 * 权限认证
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
		String loginName = (String) principals.getPrimaryPrincipal();

		if (StringUtils.isBlank(loginName)) {
			return info;
		}

		SysUser user = sysUserService.selectByLoginName(loginName);
		if (user == null) {
			return info;
		}

		int type = user.getType().intValue();
		if (type == DbConstants.SYS_USER_TYPE_NORMAL) {
			// 普通用户
			List<SysUserRole> rows = sysUserRoleService.selectByUser(user.getId());

			if (rows != null && rows.size() > 0) {
				for (SysUserRole row : rows) {
					String sysRoleId = row.getSysRoleId().toString();
					info.addRole(sysRoleId);
				}
			}
		} else if (type == DbConstants.SYS_USER_TYPE_SUPER) {
			// 超级用户角色标识
			info.addRole("-2");
		}

		return info;
	}

	/**
	 * 登录验证
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		UsernamePasswordToken ut = (UsernamePasswordToken) token;
		String loginName = ut.getUsername();
		String password = new String(ut.getPassword());

		SysUser user = sysUserService.selectByLoginName(loginName);
		if (user == null || !PasswordUtils.compare(password, user.getPassword())) {
			throw new AuthenticationException("用户不存在或密码错误！");
		}

		Integer status = user.getStatus();
		if (status != null && status.intValue() == 0) {
			throw new AuthenticationException("用户不存在或用户已被禁用！");
		}

		sysUserService.updateLogin(user.getId(), RequestUtils.getClientIp(WebContextUtils.getRequest()));

		AdminLoginInfo login = new AdminLoginInfo();
		login.setLoginName(user.getLoginName());
		login.setType(user.getType());
		login.setUserId(user.getId());

		AdminLoginUtils.setLoginInfo(login);
		SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(loginName, password, getName());

		return info;
	}

}
